CVE-2021-41990

Опубликовано: 18 окт. 2021

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 5

CVSS3: 7.5

Описание

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example, this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.

Релиз	Статус	Примечание
bionic	released	5.6.2-1ubuntu2.7
devel	released	5.9.1-1ubuntu3.1
esm-infra-legacy/trusty	not-affected	code not present
esm-infra/bionic	released	5.6.2-1ubuntu2.7
esm-infra/focal	released	5.8.2-1ubuntu3.3
esm-infra/xenial	not-affected	code not present
fips-preview/jammy	released	5.9.1-1ubuntu3.1
fips-updates/bionic	released	5.6.2-1ubuntu2.fips.2.7.1
fips-updates/focal	released	5.8.2-1ubuntu3.fips.3.3.1
fips-updates/jammy	released	5.9.1-1ubuntu3.1

Показывать по

Ссылки на источники

EPSS

Процентиль: 85%

0.02501

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2021-41990

CVSS3: 7.5

redhat

больше 4 лет назад

CVE-2021-41990

CVSS3: 7.5

nvd

больше 4 лет назад

CVE-2021-41990

CVSS3: 7.5

msrc

больше 4 лет назад

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflow via a crafted certificate with an RSASSA-PSS signature. For example this can be triggered by an unrelated self-signed CA certificate sent by an initiator. Remote code execution cannot occur.

CVE-2021-41990

CVSS3: 7.5

debian

больше 4 лет назад

The gmp plugin in strongSwan before 5.9.4 has a remote integer overflo ...

GHSA-3wp5-cvp4-5h42

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 85%

0.02501

Низкий

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2021-41990

Описание

Пакет strongswan

Ссылки на источники

Связанные уязвимости